Nplatform

5 CVEs product

Monthly

Sort: Newest CVSS Score EPSS Score Oldest
CVE-2025-64124 HIGH This Week

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Nuvation Energy Multi-Stack Controller (MSC) allows OS Command Injection.This issue affects Multi-Stack Controller (MSC): before 2.5.1. [CVSS 8.8 HIGH]

Command Injection Nplatform
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2025-64123 CRITICAL Act Now

Nuvation Energy MSC through 2.5.1 can be used as an unintended network proxy to bridge security boundaries. An attacker can leverage the controller to access networks that should be isolated, turning the battery controller into a pivot point.

Information Disclosure Nplatform
NVD
CVSS 3.1
9.8
EPSS
0.1%
CVE-2025-64122 MEDIUM This Month

Insufficiently Protected Credentials vulnerability in Nuvation Energy Multi-Stack Controller (MSC) allows Signature Spoofing by Key Theft.This issue affects Multi-Stack Controller (MSC): through 2.5.1. [CVSS 5.5 MEDIUM]

Authentication Bypass Nplatform
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2025-64121 CRITICAL Act Now

Nuvation Energy Multi-Stack Controller (MSC) for battery storage systems allows authentication bypass through an alternate channel, enabling unauthenticated attackers to access critical energy management functions. Affects versions 2.3.8 to 2.5.1.

Authentication Bypass Nplatform
NVD
CVSS 3.1
9.8
EPSS
0.1%
CVE-2025-64120 HIGH This Week

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Nuvation Energy Multi-Stack Controller (MSC) allows OS Command Injection.This issue affects Multi-Stack Controller (MSC): from 2.3.8 before 2.5.1. [CVSS 8.8 HIGH]

Command Injection Nplatform
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2025-64124
EPSS 0% CVSS 8.8
HIGH This Week

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Nuvation Energy Multi-Stack Controller (MSC) allows OS Command Injection.This issue affects Multi-Stack Controller (MSC): before 2.5.1. [CVSS 8.8 HIGH]

Command Injection Nplatform
NVD
CVE-2025-64123
EPSS 0% CVSS 9.8
CRITICAL Act Now

Nuvation Energy MSC through 2.5.1 can be used as an unintended network proxy to bridge security boundaries. An attacker can leverage the controller to access networks that should be isolated, turning the battery controller into a pivot point.

Information Disclosure Nplatform
NVD
CVE-2025-64122
EPSS 0% CVSS 5.5
MEDIUM This Month

Insufficiently Protected Credentials vulnerability in Nuvation Energy Multi-Stack Controller (MSC) allows Signature Spoofing by Key Theft.This issue affects Multi-Stack Controller (MSC): through 2.5.1. [CVSS 5.5 MEDIUM]

Authentication Bypass Nplatform
NVD
CVE-2025-64121
EPSS 0% CVSS 9.8
CRITICAL Act Now

Nuvation Energy Multi-Stack Controller (MSC) for battery storage systems allows authentication bypass through an alternate channel, enabling unauthenticated attackers to access critical energy management functions. Affects versions 2.3.8 to 2.5.1.

Authentication Bypass Nplatform
NVD
CVE-2025-64120
EPSS 0% CVSS 8.8
HIGH This Week

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Nuvation Energy Multi-Stack Controller (MSC) allows OS Command Injection.This issue affects Multi-Stack Controller (MSC): from 2.3.8 before 2.5.1. [CVSS 8.8 HIGH]

Command Injection Nplatform
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy